CVE-2023-3776
Linux Kernel vulnerability analysis and mitigation

Overview

A use-after-free vulnerability was discovered in the Linux kernel's net/sched: cls_fw component (CVE-2023-3776). The vulnerability affects Linux kernel versions from 2.6 through versions prior to 6.5. The issue was discovered in July 2023 and occurs when tcf_change_indev() fails, causing fw_set_parms() to return an error after modifying the reference counter in tcf_bind_filter() (NVD, CVE).

Technical details

The vulnerability exists in the net/sched: cls_fw component of the Linux kernel. If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free condition. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

Impact

The vulnerability can be exploited to achieve local privilege escalation. Successful exploitation could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS). The vulnerability requires local access and low privileges to exploit (NetApp Advisory).

Mitigation and workarounds

The vulnerability has been fixed in Linux kernel commit 0323bce598eea038714f941ce2b22541c46d488f. The fix involves moving the point of possible failure above the point where the TCA_FW_CLASSID is handled. Users are recommended to upgrade their systems to kernel versions containing this fix. For systems that cannot be immediately updated, one mitigation is to disable the ability for unprivileged users to create namespaces by setting kernel.unprivileged_userns_clone=0 (Kernel Commit).
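The ordering problem from the technical details and the reordering fix described above, as a simplified user-space model added here for illustration. It is not kernel code or code from the referenced commit, and every name in it (model_class, model_bind, set_parms_before_fix and so on) is hypothetical. After a failed update the pre-fix ordering leaves the class counter changed, while the post-fix ordering leaves it untouched.

```c
#include <errno.h>
#include <stdio.h>

/* Simplified user-space model; every name is hypothetical, not kernel code. */
struct model_class  { int filter_cnt; };   /* counter kept per class */
struct model_filter { struct model_class *bound; int ifindex; };

/* Stand-in for the step that can fail (tcf_change_indev() on the page). */
static int model_change_indev(int requested)
{
    return requested > 0 ? requested : -EINVAL;
}

/* Stand-in for the bind step: adjusts the counters of old and new class. */
static void model_bind(struct model_filter *f, struct model_class *cl)
{
    if (f->bound)
        f->bound->filter_cnt--;
    cl->filter_cnt++;
    f->bound = cl;
}

/* Pre-fix ordering: counters change first, then the fallible step runs. */
static int set_parms_before_fix(struct model_filter *f, struct model_class *cl, int ifindex)
{
    model_bind(f, cl);
    int ret = model_change_indev(ifindex);
    if (ret < 0) return ret;   /* error path leaves the counter modified */
    f->ifindex = ret;
    return 0;
}

/* Post-fix ordering: the fallible step runs before any counter is touched. */
static int set_parms_after_fix(struct model_filter *f, struct model_class *cl, int ifindex)
{
    int ret = model_change_indev(ifindex);
    if (ret < 0) return ret;   /* nothing to undo on the error path */
    f->ifindex = ret;
    model_bind(f, cl);
    return 0;
}

/* Class counter after one update attempt on a fresh class and filter. */
int count_after_update(int fixed_ordering, int ifindex)
{
    struct model_class cl = { 0 };
    struct model_filter f = { NULL, 0 };
    (void)(fixed_ordering ? set_parms_after_fix(&f, &cl, ifindex) : set_parms_before_fix(&f, &cl, ifindex));
    return cl.filter_cnt;
}
int main(void) { printf("%d %d\n", count_after_update(0, -1), count_after_update(1, -1)); return 0; }
```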

This report was generated using AI.